Provided are computerized systems and methods for biometrically authenticating a user’s identity using a learned representation of the user’s neurological patterns, processes, and/or decision making, which may generally be referred to as a “biometric brain fingerprint”. Example techniques include asking the user to perform a task and comparing their performance or response to a biometric brain fingerprint learned from prior user performance on tasks. For example, the user’s response can be compared to a predicted response that has been predicted by a machine-learned biometric model that has been trained based on data from the prior user performance on tasks. The task can be nearly any task, including any task that involves application or stimulation of the user’s executive function, such as an item selection task, sequence selection task, item manipulation tasks, and/or a simple captcha-like task. The machine learned biometric model can be implemented with lower complexity models such as a Markov model or can be done with more advanced techniques like recurrent neural networks, compact prediction trees, or support vector machines. In one example, a model can determine a probabilistic confidence level representing the model’s confidence that the current user’s performance matches a biometric brain fingerprint corresponding to the authentic user’s performance of similar tasks. In another example, the user’s performance can be compared (e.g., algorithmically or heuristically, such as with a distance measure) to a predicted performance predicted by the machine learning model. The proposed methods can be used in connection with existing authentication methods, such as two-factor identification and bootstrapping and/or can be used as part of an account recovery mechanism. The method can also be used as a seedable challenge-and-response authentication framework, which can prevent spoofing attacks or replay attacks based on the recording or theft of biometric data. The task can also be used to create a cryptographic key specific to the user’s brain fingerprint and/or specific to a particular transaction based on the challenge-and-response seed. The methods described in this paper also share some commonalities with, and may be combined with, methods from non-biometric cryptography, such as physical uncloneable functions and side channel analysis for side-channel attacks.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Drewry, Will, "Brain-Dependent Biometric Authentication via Analysis of User Tasks, and Corresponding Cryptographic Key Generation", Technical Disclosure Commons, (June 08, 2022)